[PATCH] Add command 'check' to check passwords against HIBP
Tristan Miller
psychonaut at nothingisreal.com
Fri Jan 18 10:14:00 CET 2019
Greetings.

On Thu, 17 Jan 2019 14:48:04 -0800, Pass Word
<passwordstore at 89vx.net> wrote:
> Someone asked on irc today for an option to check passwords against
> the Have I Been Pwned website to see if they are already
> compromised. It is probably extremely rare for a password generated
> with pass to already be on there but whatever, it is still somewhat
> useful to check other passwords you might have stored in pass.

I wouldn't say that finding a pass-generated password listed on Have I
Been Pwned is "extremely rare" -- the breaches recorded there
come from websites that stored passwords insecurely (such as in
plaintext). So no matter how secure a password you chose for such a
website, it will still be catalogued on HIBP.

I do generate all my passwords randomly, and use a unique password on
each site. Still, it's important for me to know if any of these are
compromised so that I can change the password on the affected site.

Thanks to the other posters in this thread for sharing the tools they
use to mass-check the password store against HIBP in a secure way.

Regards,
Tristan
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Tristan Miller
Free Software developer, ferret herder, logologist
https://logological.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-